
codebase-audit

Performs comprehensive codebase audit checking architecture, tech debt, security vulnerabilities, test coverage, documentation, dependencies, and maintainability. Use when auditing a project, assessing codebase health, running security scans, checking for vulnerabilities, reviewing code quality, analyzing tech debt, or asked to audit/analyze the entire codebase.
Saturate/agents · ★ 0 · AI & Automation · score 66
Install: claude install-skill Saturate/agents
# Codebase Audit

Audit the codebase like you're inheriting someone else's mess - be thorough and honest. No diplomacy, no softening. Focus on what actually matters: security holes, bugs, maintainability problems, and tech debt. If something is broken or badly done, say it.

## Audit Process

Copy this checklist to track your progress:

```
Codebase Audit Progress:
- [ ] Step 1: Check available tools
- [ ] Step 2: Detect project type and run audits
- [ ] Step 3: Detect tech stack and framework patterns
- [ ] Step 4: Identify and document critical issues
- [ ] Step 5: Generate high-level findings summary
```

### 1. Check Available Tools

Start by checking what tools you have available:

```bash
command -v trufflehog
command -v npm # or pnpm, yarn, pip, cargo, etc.
```

If any expected tools are missing, list them in your output and ask the user if they want to continue without them. Don't let missing tools block the entire audit.

### 2. Detect Project Type and Run Audits

**Figure out the package manager and run the right audit:**

- `package-lock.json` → `npm audit --json`
- `pnpm-lock.yaml` → `pnpm audit --json`
- `yarn.lock` → `yarn audit --json`
- `requirements.txt` / `poetry.lock` → `pip-audit --format json` or `safety check --json`
- `Cargo.toml` → `cargo audit --json`
- `go.mod` → `go list -json -m all | nancy sleuth`
- `*.csproj` → `dotnet list package --vulnerable --include-transitive`

**Secret scanning:**

Need help with TruffleHog? Check [references/secret-scanning.